New Delhi: India is the sixth most breached country in the world, since the first recorded digital attacks in 2004, according to a study released by Netherlands-based cybersecurity company Surfshark Monday.
This means that 18 out of every 100 Indians had their personal contact details breached since 2004, the study noted.
Surfshark’s analysis revealed that in the past 18 years, 14.9 billion accounts were leaked globally and a “striking 254.9 million of them belong to users from India”.
“Study shows that a striking 962.7 million Indian data points have been leaked so far, most of them passwords, names and telephone numbers. Statistically, per every 10 leaked accounts in India, half are stolen together with a password,” a statement released by the company noted.
A ‘data point’ is a numerical entity given to any piece of information belonging to an individual. If there is a breach and the people behind it steal ‘data points’, that means the victim’s age, name, bank accounts, phone numbers etc become easily accessible.
“Indians lose 3.8 data points per data breach, while the global average is only 2.3. Some of the reasons for this could be user habits or data collection practices of Indian online services and applications. A striking 962.7 million Indian data points have been leaked so far, most of them passwords, names and telephone numbers,” the study further noted.
It also said that one of the most common ways in which accounts are leaked is via password cracking.
India’s new cybersecurity directive
The study also pointed out India’s new cybersecurity directive, CERT-In (Computer Emergency Response Team), which requires VPNs (virtual private network) to store user data for a period of five years.
“The new CERT-In directive calls companies to extensive data collection within Indian jurisdiction, putting even more of users’ data at risk to be breached,” the study noted.
Commenting on the recent directive, Gytis Malinauskas, head of legal at Surfshark, said, “Taking such radical action that highly impacts the privacy of millions of people living in India will most likely be counterproductive and strongly damage the sector’s growth in the country. Ultimately, collecting excessive amounts of data within Indian jurisdiction without robust protection mechanisms could lead to even more breaches nationwide.”
The government’s latest directive in April has not gone down well with many VPN providers “who deliver privacy through end-to-end encryption and masking user location”.
Surge in global data breach
According to the study, the US has the highest number of breached accounts in the world. The country has “15.4 per cent of all breached email addresses globally”.
“Russia has the highest number of breached accounts per 100 inhabitants. Statistically, the email address of every Russian account was breached around 15 times. This number is 7.8 times higher than the global average,” the study noted.
After India, France, UK, Germany, Brazil, Italy and Canada have seen high data breaches, according to the study.